Archive for January, 2009
I just did some work on a report that quotes some of the various statistics – or do I mean guesstimates? – regarding how many machines were likely to have been infected by Conficker. That report has already gone out, but it’s been pointed out to me that the wording makes it sound like we’re … Read More…
Well, this actually isn’t a lie, but a lot of what you read on the web are lies designed to steal money or identities. If you go to a web page and it says you need a new codec or new software to view a video or picture, or pretty much anything, the odds are … Read More…
I just happened upon a blog that made an interesting point about the information that’s been made about Conficker. Essentially, the writer was fulsome in her praise of an article by Gary Hinson here, which gave some simple advice on dealing with Conficker/Downadup. As it happens, I’m familiar with the name Gary Hinson: he also contributes … Read More…
I got asked "what is the big trend in security software at the moment".
It seems to me there are several significant threads to the answer, in terms of anti-malware.
Dynamic and/or behaviour analysis. Dynamic analysis as implemented in mainstream antimalware is basically an automated version of dynamic analysis as used in computer forensics. In general, … Read More…
The email scam du jour is an email scam promising government grants. One of the highly prevalent ones is from an alleged company called “Rapid Grants Solutions Kit”. I decided to search for them. This time I used Google, Yahoo, Live.com, and Ask.com. In all cases the results looked pretty shady.
The results with Google provided … Read More…
MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points.
* Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting, removing, … Read More…
I was recently quoted at http://www.internetnews.com/search/article.php/3798021 regarding Google ad words. Actually, ad words matter to advertisers and to some of the bad guys, but I don’t think the average user pays much attention to whether the result is an ad or what the industry calls an “organic” hit, which is anything but organic and is … Read More…
…no promise of chicks for free, but I did get spam this morning offering me a "Free-Trial kit" for some scheme for "making money through the Internet by doing almost nothing" (probably some sort of pyramid scheme, I guess, updated with a reference to using Google).
While I’m not about to take up the offer, I … Read More…
“What hath God wrought?” were the contents of the first ever telegraph message. http://memory.loc.gov/ammem/today/may24.html
An ominous message that would seem to reveal that Samuel Morse understood some security implications of technology, except, it was his friend’s young daughter who appears to have suggested the biblical verse. Perhaps “What hath God wrought” would have been a better … Read More…
[Update: Spiegel Online reports (in German!) that the total may be as high as 50 million infected machines: however, this figure seems to be extrapolated from the number of infections picked up by Panda's online scanner. Statistically, I'm not sure it makes any sense at all to try to correlate this self-selecting sample to the total population of ... Read More…

